I'm going with C. Wouldn't want to be the organization that can't demonstrate its security controls are based on actual risk, right? That's just asking for trouble.
I think A is the right choice. Documenting the complexity of processes and their interactions is crucial for understanding the organization's operations.
Option C is clearly the correct answer. An organization needs to demonstrate that its security controls are implemented based on risk scenarios to ensure effective risk management.
Daniel
1 months agoMing
2 months agoChauncey
2 months agoKanisha
2 months agoTimmy
25 days agoSilvana
28 days agoArlyne
2 months agoLashonda
25 days agoChristiane
28 days agoDenny
1 months agoRoyal
2 months agoTyisha
2 months agoDaniel
1 months agoTerrilyn
1 months agoSharee
1 months agoLashawnda
1 months agoAlise
2 months agoChuck
2 months agoJanessa
2 months agoHuey
3 months agoGerald
3 months agoCharolette
1 months agoMatilda
2 months agoKeneth
2 months agoAnnalee
3 months ago